SB2024041570 - SUSE update for emacs

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Insufficient verification of data authenticity (CVE-ID: CVE-2024-30203)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to Gnus treats inline MIME contents as trusted. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.

2) Insufficient verification of data authenticity (CVE-ID: CVE-2024-30204)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to LaTeX preview is enabled by default for e-mail attachments. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.

3) Insufficient verification of data authenticity (CVE-ID: CVE-2024-30205)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to Emacs in Org mode considers contents of remote files to be trusted. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2024/suse-su-20241294-1/